---
lvm_size: 20000
mem_size: 2048
num_cpus: 1

# Definining these vars has a number of effects
# 1) mod_wsgi is configured to use the vars for its own setup
# 2) iptables opens enough ports for all threads for fedmsg
# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads
wsgi_fedmsg_service: mbs
wsgi_procs: 2
wsgi_threads: 2

tcp_ports: [ 80 ]

# Neeed for rsync from log01 for logs.
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]

fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs,sysadmin-veteran

# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- service: mbs
  owner: fedmsg
  group: fedmsg
  can_send:
  - mbs.module.state.change
  # Only the backend sends this message..
  #- mbs.component.state.change

# For the MOTD
csi_security_category: Moderate 
csi_primary_contact: Modularity WG - modularity-wg-members@fedoraproject.org
csi_purpose: Run the module-build-service frontend API.
csi_relationship: |
    The apache/mod_wsgi app is the only thing really running here

    This host relies on db01 for its database of activity (what module builds
    are in flight?)

    It has no special credentials itself.  When a module build it submitted, it
    makes a note in the DB and publishes a fedmsg message.  The mbs backend
    nodes do all the work of talking to koji.
